File name:

Вложенный файл Почты.eml.eml

Full analysis: https://app.any.run/tasks/39e38fcf-bd9c-4796-a019-4359888cd3f8
Verdict: Malicious activity
Analysis date: January 10, 2025, 19:25:52
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
phishing
phish-url
possible-phishing
phishing
obfuscated-js
Indicators:
MIME: message/rfc822
File info: RFC 822 mail, ASCII text, with CRLF line terminators
MD5:

E272E80E431A4F4F6943CD9327F8713C

SHA1:

8BEDD071CAFEFB98647BBBAAA7F1A2C93F044B44

SHA256:

E2ADD23128082DD99BF373C7CF0B31FCF8EE9BD81F9DD72AB569B16C80ED6491

SSDEEP:

384:lKqhfZBzU7oQqht+AwU9+AcQCaiEhCj59+Aq9+AyQyxm4O8J9+Aa9+AsQkSfip5L:QqvBzUhgU90FjhCjiGIy44O8SaKkSf4x

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Suspicious URL found

      • OUTLOOK.EXE (PID: 5400)

    • Possibly a phishing URL has been detected

      • OUTLOOK.EXE (PID: 5400)

    • Phishing has been detected

      • msedge.exe (PID: 5888)

    • PHISHING has been detected (SURICATA)

      • msedge.exe (PID: 6792)

  • SUSPICIOUS

    • Possibly a phishing URL contains email has been detected

      • msedge.exe (PID: 5888)

  • INFO

    • Checks supported languages

      • identity_helper.exe (PID: 6956)

    • Application launched itself

      • msedge.exe (PID: 5888)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.eml | E-Mail message (Var. 5) (100)
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
183
Monitored processes
52
Malicious processes
3
Suspicious processes
0

Behavior graph

Click at the process to see the details
start outlook.exe ai.exe no specs #PHISHING msedge.exe msedge.exe no specs msedge.exe no specs #PHISHING msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1172"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=1500 --field-trial-handle=2420,i,8816686620948656531,6985130461345981967,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1192"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.3636 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=6588 --field-trial-handle=2420,i,8816686620948656531,6985130461345981967,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1480"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=7076 --field-trial-handle=2420,i,8816686620948656531,6985130461345981967,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1480"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=7232 --field-trial-handle=2420,i,8816686620948656531,6985130461345981967,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1704"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5796 --field-trial-handle=2420,i,8816686620948656531,6985130461345981967,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2120"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --no-appcompat-clear --mojo-platform-channel-handle=5020 --field-trial-handle=2420,i,8816686620948656531,6985130461345981967,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2676"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x300,0x304,0x308,0x2f8,0x310,0x7ff821f85fd8,0x7ff821f85fe4,0x7ff821f85ff0C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
3052"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4436 --field-trial-handle=2420,i,8816686620948656531,6985130461345981967,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
3464"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=7304 --field-trial-handle=2420,i,8816686620948656531,6985130461345981967,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
3584"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4600 --field-trial-handle=2420,i,8816686620948656531,6985130461345981967,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
14 992
Read events
14 488
Write events
419
Delete events
85

Modification events

(PID) Process:(5400) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common
Operation:writeName:SessionId
Value:
AFEEB5705FF7A34F89D3499EC836B583
(PID) Process:(5400) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\GracefulExit\OUTLOOK\1644
Operation:delete valueName:0
Value:
ซ渐�꿃僁赇臢섙䘱醛ꂾ樁င$驄摽鶲…ީ湕湫睯쥮Ȇ∢්ł¢ᣂ숁씀褎예ﴏ�뾙뚠ǭ჉砃㐶ᇅ೬ዒ漋甀琀氀漀漀欀⸀攀砀攀씀‖ៅ肀줄࠘㈲㈱䐭捥
(PID) Process:(5400) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\GracefulExit\OUTLOOK\1644
Operation:delete keyName:(default)
Value:
(PID) Process:(5400) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\5400
Operation:writeName:0
Value:
0B0E10B81F271CD724A945B2C59A275FCC8F3F230046B7FC88D3D7F2D8ED016A04102400449A7D64B29D01008500A907556E6B6E6F776EC906022222CA0DC2190000C50E8908C91003783634C511982AD2120B6F00750074006C006F006F006B002E00650078006500C51620C517808004C91808323231322D44656300
(PID) Process:(5400) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData
Operation:writeName:SessionId
Value:
1C271FB8-24D7-45A9-B2C5-9A275FCC8F3F
(PID) Process:(5400) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics
Operation:delete valueName:BootFailureCount
Value:
(PID) Process:(5400) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Preferences
Operation:delete valueName:ChangeProfileOnRestart
Value:
(PID) Process:(5400) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046
Operation:writeName:00030429
Value:
09000000
(PID) Process:(5400) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData
Operation:writeName:ProfileBeingOpened
Value:
Outlook
(PID) Process:(5400) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046
Operation:writeName:00030397
Value:
60000000
Executable files
6
Suspicious files
339
Text files
64
Unknown types
0

Dropped files

PID
Process
Filename
Type
5400OUTLOOK.EXEC:\Users\admin\Documents\Outlook Files\Outlook1.pst
MD5:
SHA256:
5888msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF142c3e.TMP
MD5:
SHA256:
5888msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
5888msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF142c4e.TMP
MD5:
SHA256:
5888msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:
5400OUTLOOK.EXEC:\Users\admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\15929497-54B8-4BED-9BF2-54C8D11665E2xml
MD5:1F3AC5B1FAE0CAF3CEC7A45DB79F59E3
SHA256:7678E9A7B94DC92768053629C3A10F8CA5BDD7A6E4068F3982B930FBCBAD4319
5400OUTLOOK.EXEC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04binary
MD5:E0854B75347B446D8052C8274D9175BB
SHA256:FA283DE3E88A51FAFC20B1957189B2E916E30EDD33C12745AB02E30A94E5CCDB
5888msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old~RF142c3e.TMPtext
MD5:818E5512B63AF7BC7B8363A92D905712
SHA256:ECD4298AE18D0B60EA5F0B3B04761F740B51B18B0D69B42CEF028463A7A46780
5888msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old~RF142c4e.TMPtext
MD5:C5C8E14929BCE261B2B5B899CB479AF7
SHA256:73DBFF8A366CFF6972A38C091782EF62C89E28FDA1423A47448A60343F921754
5888msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Local State~RF142c1f.TMPbinary
MD5:DFFC82B8D23613E62A20204028CEF32F
SHA256:114690F0417A9A6B079EA8D0534F095B04467809DCA929EB0983059E1C60FB6C
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
30
TCP/UDP connections
93
DNS requests
106
Threats
12

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
4712
MoUsoCoreWorker.exe
GET
200
23.48.23.173:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4712
MoUsoCoreWorker.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
5400
OUTLOOK.EXE
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D
unknown
whitelisted
1176
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
5064
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
5400
OUTLOOK.EXE
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
1356
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
1356
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
6312
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
4724
svchost.exe
HEAD
200
2.16.168.108:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/68591036-2289-4858-9f7f-9149e89c8a08?P1=1736931800&P2=404&P3=2&P4=CqXf1Y4EZCp%2bWuh7gQhUFAY1jeZ71ZNlk0SHntRzNXgkG2MA2DHOvNQkEF7iQCNK1xESsPLCX63Zigbuh4M4mw%3d%3d
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
4712
MoUsoCoreWorker.exe
23.48.23.173:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
4712
MoUsoCoreWorker.exe
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
4
System
192.168.100.255:138
whitelisted
5064
SearchApp.exe
104.126.37.144:443
www.bing.com
Akamai International B.V.
DE
whitelisted
5400
OUTLOOK.EXE
52.109.76.240:443
officeclient.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5400
OUTLOOK.EXE
52.113.194.132:443
ecs.office.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
1076
svchost.exe
23.35.238.131:443
go.microsoft.com
AKAMAI-AS
DE
whitelisted
5400
OUTLOOK.EXE
52.109.68.129:443
roaming.officeapps.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 4.231.128.59
whitelisted
crl.microsoft.com
  • 23.48.23.173
  • 23.48.23.180
  • 23.48.23.194
  • 23.48.23.143
  • 23.48.23.166
  • 23.48.23.145
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
google.com
  • 216.58.206.78
whitelisted
www.bing.com
  • 104.126.37.144
  • 104.126.37.145
  • 104.126.37.155
  • 104.126.37.128
  • 104.126.37.137
  • 104.126.37.130
  • 104.126.37.162
  • 104.126.37.186
  • 104.126.37.123
  • 2.23.227.215
  • 2.23.227.208
whitelisted
officeclient.microsoft.com
  • 52.109.76.240
whitelisted
ecs.office.com
  • 52.113.194.132
whitelisted
go.microsoft.com
  • 23.35.238.131
  • 184.28.89.167
whitelisted
roaming.officeapps.live.com
  • 52.109.68.129
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted

Threats

PID
Process
Class
Message
6792
msedge.exe
Possible Social Engineering Attempted
PHISHING [ANY.RUN] Suspected Phishing domain by CrossDomain ( .sufybkt .com)
6792
msedge.exe
Possible Social Engineering Attempted
PHISHING [ANY.RUN] Suspected Phishing domain by CrossDomain ( .sufybkt .com)
6792
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
6792
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] BootstrapCDN (stackpath .bootstrapcdn .com)
6792
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
6792
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] BootstrapCDN (stackpath .bootstrapcdn .com)
6792
msedge.exe
Possible Social Engineering Attempted
PHISHING [ANY.RUN] Suspected Phishing domain by CrossDomain ( .sufybkt .com)
6792
msedge.exe
Possible Social Engineering Attempted
PHISHING [ANY.RUN] Suspected Phishing domain by CrossDomain ( .sufybkt .com)
6792
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
6792
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Вложенный файл Почты.eml.eml